Lucene search
K

56 matches found

CVE
CVE
added 2026/06/24 5:22 p.m.11 views

CVE-2026-48725

Warp exposes a vulnerability where terminal output can request access to the local clipboard via OSC 52. From build 0.2021.04.25.23.05.stable_00 up to 0.2026.05.06.15.42.stable_01, a malicious remote host or attacker-controlled terminal output source could trigger reads or writes to the user’s cl...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 a.m.11 views

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

5.3CVSS0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

8.8CVSS5.5AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.8 views

CVE-2026-35675

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via...

8.8CVSS5.5AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 9:16 p.m.3 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

8.8CVSS0.00562EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 8:50 p.m.4 views

EUVD-2026-5159

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS5.7AI score0.00562EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 8:50 p.m.3 views

CVE-2026-24887

Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted...

7.7CVSS5.7AI score0.00562EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6214

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.72 Description Claude Code is an agentic coding tool. A flaw in command parsing allowed bypassing the confirmation prompt, potentially triggering the execution of untrusted commands via the find command...

8.8CVSS5.8AI score0.00562EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/27 9:23 p.m.7 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

6.5CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 8:16 p.m.6 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

6.5CVSS0.00282EPSS
Exploits0References2
CVE
CVE
added 2026/01/26 7:35 p.m.11 views

CVE-2025-9521

CVE-2025-9521 concerns a Password Confirmation Bypass in Omada Controllers. The trusted-source documents indicate that an attacker with a valid session token can bypass secondary verification and change a user’s password without proper confirmation, weakening account security. Affected product is...

6.5CVSS5.9AI score0.00282EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/26 7:35 p.m.4 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

2.1CVSS5.9AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 7:35 p.m.28 views

CVE-2025-9521 Password Confirmation Bypass in Omada Controller

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

2.1CVSS0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/26 7:35 p.m.6 views

EUVD-2025-206348

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

2.1CVSS5.9AI score0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 8:42 p.m.17 views

CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...

5.3CVSS5.7AI score0.2297EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/11/22 8:30 a.m.5 views

CVE-2025-13318 Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

5.3CVSS0.00265EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-3794

Malware in sbrugna...

4.3CVSS6.3AI score0.01374EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-4518

Malware in sbrugna...

7.5CVSS9.3AI score0.02678EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27564

Malicious code in bioql PyPI...

8.7CVSS6.4AI score0.00512EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31325

Malicious code in bioql PyPI...

6.7CVSS6.6AI score0.00343EPSS
Exploits1References3
Rows per page
Query Builder